A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
References
Configurations
History
21 Nov 2024, 07:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2023-2861 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - Issue Tracking, Patch | |
References | () https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html - | |
References | () https://security.netapp.com/advisory/ntap-20240125-0005/ - | |
References | () https://security.netapp.com/advisory/ntap-20240229-0002/ - | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.0 |
11 Mar 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Dec 2023, 17:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2023-2861 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - Issue Tracking, Patch | |
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
First Time |
Qemu
Qemu qemu |
|
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
06 Dec 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-06 07:15
Updated : 2024-11-21 07:59
NVD link : CVE-2023-2861
Mitre link : CVE-2023-2861
CVE.ORG link : CVE-2023-2861
JSON object : View
Products Affected
qemu
- qemu
CWE